CVE-2017-5932

Опубликовано: 20 янв. 2017

Источник: redhat

CVSS3: 7.8

EPSS Низкий

Описание

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.

Отчет

This issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux as they did not include the commit which introduced it.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	bash	Not affected
Red Hat Enterprise Linux 6	bash	Not affected
Red Hat Enterprise Linux 7	bash	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=1420674bash: Code execution in bash autocompletion

EPSS

Процентиль: 44%

0.00213

Низкий

7.8 High

CVSS3

Связанные уязвимости

CVE-2017-5932

CVSS3: 7.8

ubuntu

почти 9 лет назад

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.

CVE-2017-5932

CVSS3: 7.8

nvd

почти 9 лет назад

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.

CVE-2017-5932

CVSS3: 7.8

debian

почти 9 лет назад

The path autocompletion feature in Bash 4.4 allows local users to gain ...

GHSA-7893-9j9h-935c

CVSS3: 7.8

github

больше 3 лет назад

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.

EPSS

Процентиль: 44%

0.00213

Низкий

7.8 High

CVSS3